API Key authentication
All API requests are authenticated using an API key. Generate one from the Orova dashboard and include it in the x-api-key header:
curl https://app.orova.ai/api/agents \
-H "x-api-key: YOUR_API_KEY"
Create an API key
Navigate to API Keys
Go to Settings → API Keys.
Create a key
Click Create API Key and give it a descriptive name.
Copy the key
Copy the key immediately — it’s only shown once.
Keep your API key secret. Don’t expose it in client-side code (except the widget’s data-api-key attribute). Use it only in server-to-server requests.
Using the API key
Include it in every request as a header:
curl https://app.orova.ai/api/agents \
-H "x-api-key: YOUR_API_KEY"
<script
src="https://app.orova.ai/widget/orova-widget.js"
data-api-key="YOUR_API_KEY"
...
></script>
Workspace isolation
All data is scoped to a workspace. Include workspaceId as a query parameter or in the request body when needed:
curl "https://app.orova.ai/api/agents?workspaceId=WORKSPACE_ID" \
-H "x-api-key: YOUR_API_KEY"
